eBay fraud and me: My absolutely ridiculous experience

No, I didn't bid $13,000 for 500 LED lights.

Whether it was outright fraud or just a prank, I don't know—but I do know that eBay UK shows about as much concern for identity theft as your average sea urchin.

Approximately one month ago, I received a notice from eBay UK saying I had won an auction for 500 LED lights at a cost of US$13,000. At first I thought it was some ridiculous phishing attempt, but the e-mail referenced my name. Checking out the links included, the message had every appearance of being legitimate.

Concerned that someone had gamed eBay into thinking that my e-mail address was associated with a valid eBay bidding account, I reached out to the company's UK support team. I wanted to let them know that someone had set up an account under my name and then bid successfully on an auction, even though their e-mail address had never been confirmed (such a confirmation would have necessarily arrived in my inbox). My message was brief: “Someone set up an account on eBay, [redacted], using my e-mail address. It is not me. Please cancel that account or at least stop sending me this person's e-mail. I live in the USA, not the UK.”

The response I received was ridiculous.

I realise the importance of this matter to you. Ken, let me share that sometimes, e-mail service providers 'recycle' an e-mail address. For example, someone may have had this e-mail address before you, joined eBay, and then after a period of inactivity, your e-mail service provider allowed you to choose the same e-mail address. If this is the first time that you registered an eBay account, and the e-mail address that you entered has already been used, I suggest you enter a different e-mail address to register your account. When registering on eBay, please ensure that the e-mail address you entered is not linked to another eBay account.

Lastly, please note that your e-mail address can only be used for one account at a time. This also applies to eBay User IDs. I trust this information is helpful. Please let us know if we can be of any further assistance.

This nonsensical reply clearly indicated to me that someone was having reading comprehension issues. I responded: “I have had this e-mail address exclusively since the day Gmail launched. I believe someone is trying to engage in fraud. To wit: someone bid and won a $13,000 item and now I am getting e-mails asking that I pay it. Please delete this account!”

This was the point at which things crossed from the ridiculous to the shockingly absurd. eBay UK actually had the gall to tell me that I should log into an account that I never created and ask for the forgiveness of the seller of those 500 LED lights.

“I realise the importance of this issue to you, Ken," began eBay's response. It continued:

I can see that you are new on eBay and I am more happy to help you with this. To resolve this, as this was an honest mistake, the best thing to do is contact your seller '[redacted]' through e-mail or phone to explain the matter amicably. This type of situation can be resolved through an open and honest communication between buyers and sellers...

After clarifying the issue, you can ask them to open a Cancel Transaction case in the Resolution Centre for them to get their Final Value Fee credit they've incurred when you won the item. To make it easier, you can tell them the steps on how they can open a Cancel Transaction dispute in case they still don't know how.

Here are the steps:

1. Go to My eBay > Resolution Centre.
2. Click 'I sold an item - I want to cancel a transaction'.
3. Follow the instructions to open the case.

Opening the case triggers an e-mail for you to confirm that you've agreed to cancel the transaction. As soon as you confirm the cancellation, they can close the case and receive a credit for their Final Value Fee. This means you won't receive any negative remark on your account and the transaction will be recorded as mutually cancelled.

At this point, I was truly worked up. eBay's response was basically to make me do the dirty work to end a problem that the company should have been able to prevent in the first place. My final message to eBay UK ran:

“I fear that no one is paying attention to what I am telling you. I did not register this account. I have nothing to do with this account. I do not live in the UK. I do not use eBay. I am not going to sign in through an account I did not create in order to communicate with a seller. I had nothing to do with this transaction and I am not going to expend further effort to settle the matter. As I see it, the problem is on your end, and you need to address this.”

I received no further contact from eBay UK support, although they are happy to spam me with various enticements to bid on other items, despite having sent me a nastygram about never paying for the auction item I "won."

I have long been reticent about using services like eBay, and this experience has convinced me that the company is not only incapable of battling fraudulent behavior, it's unwilling even to make the attempt. I've heard it said that the rule on eBay is caveat emptor—buyer beware. But the caution should actually extend further than that. After all, I wasn't even a buyer.

Ken Fisher
Ken is the founder & Editor-in-Chief of Ars Technica. A veteran of the IT industry and a scholar of antiquity, Ken studies the emergence of intellectual property regimes and their effects on culture and innovation. Emailken@arstechnica.com//Twitter@kenfisher

219 Reader Comments

I've been using eBay since 1999, and only had one transaction go bad (international money order to Canada; they claimed they never got it, which may very well be true). Of course I only buy via eBay, never sell.

I had an older lady in Florida start using my email address by mistake -- same abbrev of first name and last name, with our common ISP domain. I think she signed up with an additional letter in there, that she then forgot to include when using it for anything. You think it's annoying getting chain emails from your family, try getting them from someone else's family! My attempts to reply to her family/friends who were trying to send her all this crap, to get them to tell her to fix her email (since I had no way to contact her directly), were apparently interpreted as my being some kind of scam artist, probably from Nigeria. I just put all her friends into an email filter and ignored it all.

It only got fixed some time after I received an email notice from an airline that their family's purchased tickets for their Thanksgiving travel were moved up two hours and at a different gate at the airport in Florida. By Christmas, I received no more of her email. I always wonder if they missed their flight, which made them finally look into the fact they weren't getting any email, and fix it.

In this case, I doubt that Ken would find anything out of the ordinary there, and too much time may have passed, but it might be worth checking the gmail account activity log. If the site in question did require mail verification for activation, and someone pulled off a stunt like this ... well, there would be implications. If that's not applicable here, okay, but it might be in the future. (Load gmail in a browser; at the lower right of each inbox page, there's a link for reviewing account activity. I do not know how far back the log goes, and the more active you are the less value it will have, as your own activity may swamp it. Right now, for example, mine shows periodic activity from Thunderbird on my desktop PC. Yeah, no kidding. Not useful.)

But here's the tricksy part: in the early years of Gmail, periods were valid characters and not ignored.

Real world example:* long ago I registered first.last@gmail.com* a couple years later someone else with the same name registered firstlast@gmail.com* a couple years after that, Gmail eliminated periods, and forced the other guy to change his address.* he has been pretty lax about getting people to use his new address.* I continue to get some of his email.

Slightly different situation around email addresses, but a couple years ago I set up an additional email address with my ISP, (the address was apparently used in the past by someone else but had lapsed). I started receiving alumni emails from a university so did the supposedly helpful thing and contacted them, outlining the situation to the effect of "Hey, this email is mine now (not $Person) and your records seem to be outdated, please stop emailing this address".

The response? "Please provide your graduation year so we can look up your record". :-P

People don't read anymore... just send the scripted response and hope they go away.

I live in Brazil and i am a regular ebay buyer. Already bought items from Australia(N95 8GB), USA (Razer lycosa), China (GTX 260 216) and other stuff... all went smooth...

I'm just sad that american shops and some physical sellers are so tight assess with international buyers... I understand that are customs issues and the such but Rep Point should count for when you are gonna buy from them right??

I think maybe I've bought-sold a dozen things on eBay since their inception: all tech gear, mostly high-end server stuff. Never had a problem except for tons of semiweekly spammy hints popping up in my inbox encouraging me to avail myself of more "opportunities." Wish I knew how much of their business comes from PayPal. Wow, what an inspired acquisition that was! Bet John D. Rockefeller rolls over in his grave wondering how he forgot to buy up Western Union and Wells Fargo. StandardUnionFargo, a/k/a U.S.A., Inc. Now _that_ was the man Dick Cheney could have been without the misfortune of multiple aneurisms.

I constantly have people sign up for some dating sites in the UK with my gmail account. Also some guy in Slovakia thinks my email is his email and has instructed people to send pictures of his family on vacation to it before along with signing up for things that end in .sk. I also had a foreign student asking about if they're taking the right courses for their college degree. My solution has been to create gmail filters for it and just send them to the trash.

The only issue I really experienced on eBay was spamming-buyers. I sell my old hardware (things like cellphones, my old PSP) on eBay and 80% of the time there would be a winning bidder with zero feedback that wouldn't pay.... like someone created a fake account just to mess with auctions. I get the art of trolling, but I don't get what's funny about trolling eBay auctions. Its happened so many times, I actually factor the possibility into my consideration of selling things on eBay now.... and I was thoroughly shocked when the last time I sold a cellphone on eBay, the first winning bidder actually paid for it.

You just have to be super-detail oriented to use eBay wisely. One time I was selling my old G1 on eBay... for shipping options, I chose U.S. ONLY and I stated in the auction 'U.S. only', but I was offering to pay for the shipping as an incentive. Well, the auction still shows up in international eBay listings because that's a whole other option to turn off and on and I had no idea... so some dude from Guam won my G1... and the estimated shipping cost was nearly $200. Ah... NO. Lucky for me the text of my auction stated I would only ship to the U.S. and was able to cancel the sale without repercussions.

I can see how such complications would deter those with less patience.

That's probably unnecessary. All they have to go on is a so-called "Ken Fisher" that lives in the UK and an email address. They don't have a street address or any other personally-identifiable information that could be used to link this back to our Ken in the US and thus affect his credit.

What is the point of this for the person creating the eBay account? Piss off the seller by placing a fake winning bid so they never get paid? Piss off Ken by impersonating him? Or did the seller actually think that they could trick someone into sending them $13,000 because eBay told them to?

This the most curious part to me. Why? Why bother with this.

Now, as it turns out, there is some other "Ken Fisher" who lives in the UK, and whose emails routinely come into my inbox. It's like he gives out the wrong address on Gmail. I get all kinds of strange stuff. So I thought it might be him.

But who buys 13 grand of these lights? That leads me to think it was some prank.

It could also be a bug in Gmail.

I routinely get email meant for another person that has a similar gmail address (one character difference). At first I thought people were just mis-typing the address, and it was coming to me by mistake.

I have confirmed that even when typed correctly I still get the email. I reported the problem to Gmail numerous times, I received a standard reply that there were taking no significant action.

Maybe, much like the strong password article, Ars can do one on good E-mail names?

True. Or go one better--get your own domain. Aside from some spamming (which software can effectively deal with), I rarely have issues. And, control the mail server.

I have a "name buddy" from France. He has the same name and email as me except mine is @.com and his is @.fr. He owes me big time as I occasionally pass along important emails of his that accidentally get sent to me instead of him, including one for an interview for a job at a major gaming company that he now works for. Also we have a few mutual acquaintances now because he knows a lot of sexy french girls who've added me on MSN. Thanks name buddy, you're the best.

1. Facebook (evidently it had let you create your account without verification, which is intensely stupid)2. Flowers.com3. Various sites around Hawaii (if your name is Ina or Ira or Inez or Irene, guess what, you have your email wrong)4. furry-paws.com5. Stardoll.com6. moshimonsters.com (Someone is a horrible parent for not getting their kids' email address right)7. The YMCA

As well as:

1. University faculty emails to other faculty members in the UK2. Confidential emails from lawyers to clients3. Overage notices from ATT and account suspension (Good job, Steven!)

This is why I use email for domains (which they're turning off, thanks.)

Yes the above is an actual feedback received by another ebay user. There is a lot I don't like about ebay, like their ever-rising fees, and their marriage to PayPal. Nonetheless I remain a user because to me, the drawbacks are outweighed by the positives. Due to the huge pool of users, it's one of the most convenient ways for me to sell low-demand items that I can't get rid of on Craigslist. If due diligence is exercised, it's also a great place to find deals on both cheap consumables like razor blades, and high-end stuff like used electronics. Out of hundreds of purchases I think only a couple of times has a seller tried to rip me off.On the other hand, I've had buyers attempt to defraud me several times, and one or two have been successful. As this article points out, there's plenty of room for improvement in their fraud prevention, but they are trying, and I think they're doing a much better job than they were years past.

It sounds like you need to recycle your e-mail address ASAP. Or use E-bay's resolution center to report the issue. I've used it several times and they have resolved every issue to my satisfaction in just a few days.

You just have to be super-detail oriented to use eBay wisely. One time I was selling my old G1 on eBay... for shipping options, I chose U.S. ONLY and I stated in the auction 'U.S. only', but I was offering to pay for the shipping as an incentive. Well, the auction still shows up in international eBay listings because that's a whole other option to turn off and on and I had no idea... so some dude from Guam won my G1... and the estimated shipping cost was nearly $200. Ah... NO. Lucky for me the text of my auction stated I would only ship to the U.S. and was able to cancel the sale without repercussions.

What is the point of this for the person creating the eBay account? Piss off the seller by placing a fake winning bid so they never get paid? Piss off Ken by impersonating him? Or did the seller actually think that they could trick someone into sending them $13,000 because eBay told them to?

This the most curious part to me. Why? Why bother with this.

Now, as it turns out, there is some other "Ken Fisher" who lives in the UK, and whose emails routinely come into my inbox. It's like he gives out the wrong address on Gmail. I get all kinds of strange stuff. So I thought it might be him.

But who buys 13 grand of these lights? That leads me to think it was some prank.

It could also be a bug in Gmail.

I routinely get email meant for another person that has a similar gmail address (one character difference). At first I thought people were just mis-typing the address, and it was coming to me by mistake.

I have confirmed that even when typed correctly I still get the email. I reported the problem to Gmail numerous times, I received a standard reply that there were taking no significant action.

Maybe, much like the strong password article, Ars can do one on good E-mail names?

True. Or go one better--get your own domain. Aside from some spamming (which software can effectively deal with), I rarely have issues. And, control the mail server.

Ding!

I have quite a few personal domains, and I used to use one of them (my surname.com) as an email catch all. About two years ago, I just bought another domain to serve that purpose, and anything that needs an email address, I just use the company name as the user (eg bobsharddrives@ worthlessdomain.com). Have all mail coming to that domain dump into one account, and you have an unlimited supply of email addresses without having to sign up for gmail, yahoo, et al. As an added benefit, if I get emails from Seka's Sex Toys to the address bobsharddrives@, I know Bob is probably selling my info (and I can just bounce all future email coming to that address.

It looks like a phishing scam to me. I get emails like this all the time, announcing that I won some ridiculous auction for an amount of money that makes no sense at all. Most of these spams have a contact link that is actually their server in Rumania or something, on the chance that you'll be so upset at paying 15,000 for LED lights that you won't notice that it isn't a real ebay link. They'll intersperse some real links in the mail now, too, so it looks more official.

Ebay has nothing to do with them, and they aren't selective. I get these from banks I don't use, places I'll never shop, etc.

I've bought about 40+ things from eBay over the years, and out of those 40 transactions I've only ever had an issue with one seller. I bought and paid for the item, yet the seller never shipped it. When I tried contacting him I would get a response within 24hrs, but the response would be empty promises and excuses. After nearly two weeks of this I initiated the issue resolution process, and a week later I had a refund of my money.

Rarely my purchases are buy it now, if they are they normally have an auction option to it, but I needed the item sooner than waiting for the auction to end and deal with shipping.

I've been using the mobile app the last year or so to keep an eye on used paintball equipment sales in order to ensure I have a keen grasp on the value of an item and what people are paying for it in order to open my own online shop. It has been an invaluable tool to this end. Every now and again I see something pop up for an un-resistable price and go through the purchase process, but there have been a few times where I've held off buying due to the sellers history (or lack there of). Moral of the story: as with any purchase, do due diligence.

As for Gmail, I recall reading somewhere that the google servers don't differentiate an email address with a period (.) in it from one that doesn't. Ex: wingding@gmail.com vs. wing.ding@gmail.com are the same email address to google. I can attest to this as there is someone with my email address (minus the period) and I receive his emails sometimes.

It looks like a phishing scam to me. I get emails like this all the time, announcing that I won some ridiculous auction for an amount of money that makes no sense at all. Most of these spams have a contact link that is actually their server in Rumania or something, on the chance that you'll be so upset at paying 15,000 for LED lights that you won't notice that it isn't a real ebay link. They'll intersperse some real links in the mail now, too, so it looks more official.

Ebay has nothing to do with them, and they aren't selective. I get these from banks I don't use, places I'll never shop, etc.

Except that he checked the links and they all lead back to eBay. The account apparently does exist and did place that bid.

For the record, I actually bought 2 strands of 300 LEDs just like those to make my portal xmas tree over the holidays and I have since repurposed them to accent lighting in my living room. They are very handy and well made lights Ken. You should pay the man. That being said. I only paid about $35 for the set of 2 at 300 LEDs a pop. Seems to me you overpaid.

( seriously though they are good lights. if anyone wants to see them in action ill take pics. just ask. )

This does not make sense. If they register an account with your email address, they have to confirm this first or not? I don´t remember when I registered on Ebay but I don´t think you can bid or sell or anything until you confirm your email address. It seems someone has maybe discovered a bug on the confirmation procedure which lets them confirm the email link?

Also, how would Ebay let 2 accounts have the same email address in the first place?

Can the author maybe research this? Why does he try to recover the password of the other account if its also registered with his email address? I don´t understand the article to be honest as it does not make to much sense on how someone else would register and bid something with this email, assuming his email is already used as well on Ebay.

Slightly different situation around email addresses, but a couple years ago I set up an additional email address with my ISP, (the address was apparently used in the past by someone else but had lapsed). I started receiving alumni emails from a university so did the supposedly helpful thing and contacted them, outlining the situation to the effect of "Hey, this email is mine now (not $Person) and your records seem to be outdated, please stop emailing this address".

Maybe it was deliberate. I updated my records with my college's alumni office with a fake email address, fake phone number, and a fake mailing address two time zones away. It's the only way I could get them to stop asking for money.

The title is very misleading, eBay didn't FRAUD you, someone either used your email address to register for an account, but that's not possible because you have to activate your eBay account from the registered gmail address or your email account has been compromised or you had an eBay account and someone stole it. Even if that's the case, you can refuse to pay for the item you "won" and there's nothing the seller can do about it, worst case, eBay will issue a violation to your eBay account and that's about it.eBay is a buyer market, it has two layers of protection for buyers just in case something goes wrong, you have eBay buyer protections just in case "item is not as described", "not received", "broken" etc also you have PayPal protection for "unauthorized transaction", same as above.

eBay is a great place to buy almost about everything, my only beef with eBay is knock-offs and fake items but common sense wins anytime.

One more thing about eBay is that they outsource their regular customer service to India..etc and sorry to say while they're very nice on the phone but the customer service they provide is very scripted and robot-likes, fortunately customer service for ebay sellers (especially PowerSellers) is top-notch and most of the time when you call, you speak to reps in the US.

I've had this sort of problem (accounts registered by notme, using my email.) I've had ATT Uverse service, I've had multiple dating Services, I've had Seattle Groupons. Never any reason to think anything was compromised, after staring at it long enough. The only one I took any action on was the ATT Uverse one, which ATT basically told me to let it ride, as it was obviously not billing to an e-mail address.

Yeah, I get that a lot. One lady, in particular, insists on using my Gmail account as her own "disposable". Due to her indiscretion, I have a record of her phone number, address, medication refills and lingerie purchases. Those aren't even the more sensitive things, either. She's lucky I'm not a creep of some sort; I could stalk her so easily it isn't even funny.

Edit: I also get similar mail from others. She's just the worst case.

Stalking doesn't immediately come to mind but sending a letter to that person to knock it off does.

I had a similar case, email from a woman ordering rather personal items. I initially contacted the seller, but what can they do? She left in the email address.

After the 4th or 5th time I spent 5 minutes googling the person and got a significant amount of information: address, phone number, spouse's name, and interestingly, a public legal request regarding an easement on their property. I called the number and got her spouse, and explained the situation. I think more importantly, I impressed upon him how easily I had found HIS information with information his WIFE had given to a stranger.

Haven't received any emails addressed to her since.

Dilbert wrote:

The trick is to find the right person it the long LONG chain of command over there and send them a personalized message. That will get the ball rolling.

I've had some luck googling the email format of a given company along with their CEO. The CEO didn't reply personally, but the problem got fixed PDQ.

Its the garage sales of the internet. You still have to wade through all the junk to find those gems.

I personally like the ones that have shady web domains like phonestyling.1800sellyour.crap.com, and on the website their prices will be 25% lower than what they sell everything for on e-bay.

Any good deals I find, I almost always lose in the last minute by being out bid just to point where it's no longer a deal. As result, if its anything I actually want it takes me a week or two to have a successful purchase.

Like I purchased a Original Sega Genesis with 30+ games, 2 controllers, and AV/Power cables for $60, but it took me a week with several failed bids, and then having to haggle a guy down from his buy-it now price that was about to expire. Its just too much work most of the time to save a few bucks.

I've been in the situation of [Person A] on a couple of my Gmail accounts which I created during the early phases of the invite-only beta. Google for whatever reason seems to have no interest in rectifying their mistake, and closing these duplicate [Person B] email accounts which should have never been allowed to be created.

None the less, if this is indeed what's happening for you as well, lay the blame on Google for their idiocy, not Ebay.